[PATCH] 779 Fixed problem reading HSM password from password file.
by Endi Sukma Dewata
A new method get_token_password() has been added to the PKIInstance
Python class in order to read the token password correctly from
password.conf. If the token is an internal token, it will read the
'internal' password. If it is an HSM it will read the password for
'hardware-<token>'.
The code that calls get_password() to get the token password has
been modified to use get_token_password() instead.
https://fedorahosted.org/pki/ticket/2384
--
Endi S. Dewata
7 years, 9 months
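Added example, not part of the original patch or of Dogtag's code: a stand-alone Python illustration of the lookup rule the commit message above describes ('internal' for the internal token, 'hardware-<token>' for an HSM). The name=value file layout, the set of names treated as the internal token, the function names and the sample values are assumptions made for this example.

```python
# Added illustration; not the PKIInstance implementation from the patch.

# Assumption: token names that refer to the internal NSS token.
INTERNAL_TOKEN_NAMES = {"", "internal", "internal key storage token"}

# Constructed sample file content (assumed name=value layout).
SAMPLE_PASSWORD_CONF = (
    "internal=constructed-nss-secret\n"
    "\n"
    "hardware-ExampleHSM=constructed=hsm=pin\n"
    "line without separator\n"
)


def parse_password_conf(text):
    """Return {entry name: password}; blank or separator-less lines are skipped."""
    passwords = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if not sep or not name.strip():
            continue
        # Split on the first '=' only, so a password may itself contain '='.
        passwords[name.strip()] = value
    return passwords


def password_entry_name(token):
    """Map a token name to the entry that holds its password."""
    if token is None or token.strip().lower() in INTERNAL_TOKEN_NAMES:
        return "internal"
    return "hardware-" + token.strip()


def lookup_token_password(passwords, token):
    """Return the password for token, failing loudly if the entry is absent."""
    name = password_entry_name(token)
    if name not in passwords:
        # Do not fall back to another entry: sending the internal password
        # to an HSM would fail the login and could count toward a PIN lockout.
        raise KeyError("no '%s' entry in password file" % name)
    return passwords[name]


if __name__ == "__main__":
    conf = parse_password_conf(SAMPLE_PASSWORD_CONF)
    for token in (None, "Internal Key Storage Token", "ExampleHSM"):
        print(token, "->", password_entry_name(token))
```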
[DESIGN] Lightweight CA renewal
by Fraser Tweedale
Hullo all,
FreeIPA Lightweight CAs implementation is progressing well. The
remaining big unknown in the design is how to do renewal. I have
put my ideas into the design page[1] and would appreciate any and
all feedback!
[1] http://www.freeipa.org/page/V4/Sub-CAs#Renewal
Some brief commentary on the options:
I intend to implement approach (1) as a baseline. Apart from
implementing machinery in Dogtag to actually perform the renewal -
which is required for all the approaches - it's not much work and
gets us over the "lightweight CAs can be renewed easily" line, even
if it is a manual process.
For automatic renewal, I am leaning towards approach (2). Dogtag
owns the lightweight CAs so I think it makes sense to give Dogtag
the ability to renew them automatically (if configured to do so),
without relying on external tools i.e. Certmonger. But as you will
see from the outlines, each approach has its upside and downside.
Cheers,
Fraser
7 years, 10 months
[PATCH] pki-cfu-0140-Ticket-2346-support-SHA384withRSA.patch
by Christina Fu
This patch adds support for the SHA384withRSA signing algorithm.
It addresses ticket: https://fedorahosted.org/pki/ticket/2346
java.security.NoSuchAlgorithmException: no such algorithm:
OID.1.2.840.113549.1.1.12 for provider Mozilla-JSS when signing a CSR
using SHA384withRSA
Tested to work with
1. the CSR provided by bug reporter in ticket against caServerCert
enrollment profile
2. a few selected profiles
sample result:
Signature Algorithm: SHA384withRSA - 1.2.840.113549.1.1.12
thanks,
Christina
7 years, 10 months